Bug bounties

Shares 953

Updated on: February 2, 2017

Since no software can ever be completely secure, whitehats will never be out of a job. Bug bounties are just that, bounties for finding bugs. You find a security hole in a company’s website or app and they pay you. Simple.

Given below are ~500 companies and services that offer rewards for finding bugs in their system. You mission, should you choose to accept, is to pick any of these and help make the world more secure (and get moderately rich while doing it). Simply follow along the link and you’ll find further instructions for finding and reporting bugs.

123 Contact Form	Flexlists	Optimizely
99designs	flood.io	Oracle
Abacus	Flowdock	Orkut
ABN Amro	Flox	Own Cloud
Acorns LLC	Fluxiom	PagerDuty
Acquia	Form Assembly	Pantheon
Active Campaign	Founder Bliss	Panzura
ActiveProspect	Foursquare	Parse
ActiVPN	FoxyCart	PasteCoin
Adapcare	Freedom of the Press Foundation	Paymill
AeroFS	Freelancer	Paypal
Aerohive	Freshbooks	Paysafe
Agora Ciudadana Security	F Secure	Perl
Airbnb	Gallery	Phabricator
Alcyon	Gamma	PHP
Algolia	GateCoin	Pidgin
Altervista	Gemeente Wageningen	PikaPay
Amara	Gemfury	Pinterest
Amazon Web Services	General Motors Company	Piwik
ANCILE Solutions Inc.	getClouder	Pocket
Android Free Apps	Ghost	Polar SSL
Anghami	GhostMail	PostmarkApp
AOL	Ghostscript	Prezi
Apache httpd	Giftcards.com	Protonmail
Appcelerator	Github	PullReview
Apple	Gitlab	Puppet Labs
Apptentive	GlassWire	PureVPN
Aptible	Gliph	Python
Ardour	GoAnimate	Qiwi
ARM mbed	Google	Qmail
Asana	Google PRP	Qualcomm
Ask.com	Gratipay	QuickBT
Asterisk	Greenhouse.io	Rackspace
AT&T	Grok Learning	Rdbhost_service
Attack Secure	Groupon	Recorded Future
Auth0	HackerOne	Reddit
Automattic	Hack the Pentagon	RedHat
Avast!	Harmony	Regiobank NL
AVG Technologies	Help Scout	Relaso
Avira	Heroku	Release Wire
AwardWallet	Hewlett-Packard	Revel Systems
Badoo	Hex-Rays	Ribose
Barracuda Networks	HitBTC	Riot Games
Base	Honeywell	Ripple
Basecamp	Hootsuite	Riskalyze
Beanstalk	HTC	Rocket Chat
Belgium Telenet	Huawei	Romit
BillGuard	Humble Bundle	Ruby
Billys Billing	Hybrid Saas	Ruby on Rails
BiMserver	Ian Dunn	Salesforce
Bing	IBM	Samba
Bitcasa	ICEcoder	Samsung_OLD
Bitcoin.de	Iconfinder	Sandbox Escape
BitGo	iFixit	SAP
Bithunt	Imgur	SBWire
BitMEX	Indeed	Schuberg Philis
Bitnet	Independent Reserve	Scorpion Software
Bitpay	Independer	Segment.io
Bittrex	Inflectra	Sellfy
Bitwage	Informatica	SendSafely
BitWall	Informatiebeveiliging	ServiceRocket
Blackberry	ING NL	Sherpany
Blackphone	Instacart	Shopify
Blinksale	Instagram	Silent Circle
Blockchain.info	Instructure	Silk
Block.io	IntegraXor (SCADA)	Simple
BlockScore	Intel	SimplyBuilt
Blogger	Internetwache	SiteGround
Blue Coat	IRCCloud	Skuid
Bosch	(ISC)²	SKY TV
Box	Issuu	Slack
Braintree	Itbit Exchange	Smart Budget
BTCC	ITRP	Snapchat
BTCXChange	iwantmyname	SNS Bank NL
BTX Trader	Jet.com	Socrata
Buffer	Jobvite	Solvinity
Bugcrowd	jruby	Sonatype
Bugify	Jumplead	Sony
C2FO	Juniper	Sophos
Campaign Monitor	Kadince	Soundcloud
CARD.com	Kaneva	SpectroCoin
Certly	Kayako	SplashID
ChainPay	Keming Labs	Splitwise
ChangeTip	Kenna Security	Spokeo
Chargify	Keybase	Spotify
Chromium Project	Khan Academy	Sprout Social
Chronobank	KPN	Square
Circle	Kraken	Starbucks
CircleCi	Kyup	StatusPage.io
Cisco	LastPass	StopTheHacker
Clef	LaunchKey	Stripe
CloudFlare	Librato	Subledger
Cobalt	Lievensberg Hospital	Swisscom
Code Climate	Liferay	Symantec
Codeigniter	LinkedIn	Tagged
CodePen	Linksys	Tapatalk
Codex Wordpress	Localize	Taptalk
Coinbase	Logentries	Tarsnap
CoinDaddy	OSX Btc LevelDB issue	Team Unify
Coinkite	Magento	Tele2
Coin.Space	Magix AG	Telegram
Coin Space BTC	Magnr	Telekom
Coins.ph	Mahara	Telenet Belgium
Cointrader.net	MaiCoin	Tesla
Commonsware	Mail.Ru	TimeTrex
Compose	Malwarebytes	Trade Only
Constant Contact	ManageWP	Transloadit
CoreOS	Maplogin	Trello
Coupa	Marktplaats	Trend Micro
Coursera	Mastercard	Tuenti
CPanel	Mattermost	Tumblr
cPaperless	Mavenlink	Twilio
Craigslist	Maximum	Twitch
Crix.io	McAfee	Twitter
CrowdShield	MCProHosting	Typo3
Cryptocat	Medium	Uber
Cupcake	Mega.co.nz	Ubiquiti Networks
Customer Insight	Meldium	Udemy
Dato Capital	Meraki	Unitag
Debian Security Tracker	Meteor	United Airlines
Defensie	meXBT	UPC
Dell	Microsoft (bounty programs)	Uphold
Dell Secureworks	Microsoft (Online Services)	Valve Software
Detectify	Microweber	VASCO Data Security
Deutsche Telekom	MIT	VCE
Digital Ocean	Mobidea	Venmo
DigitalSellz	Mobikwik	Veridu
Django	Mobile Vikings	Viadeo
DNN Corporation	Moneybird	Viewpost
DNSimple	MoneyStream	Vimeo
DoorKeeper	Moodle	VK.com
DoSomething	MoonMail	Vodafone Germany
DPD	Motorola	Vodafone (Netherlands)
Dropbox	Movember	Volcanic Pixels
Drupal	Mozilla	Volusion
eBay	Mozu	VSR
Eclipse	Multicraft	Walmart
Edusson	Myntra	Wamba
eFront eLearning CMS	MyStuff2 App	Weave
Elance-oDesk	Namazu	Webconverger
Electronic Arts	Netherlands Security Center	Websecurify
Electronic Frontier Foundation	Nest	Weebly
EMC	NetApp	WePay
Emptrust	Netflix	Western Union
Engineyard	New Relic	Whisper
Envato	Nexmo	WHMCS
Envoy	Nitrous.IO	Windthorst ISD
ESEA	Nokia Siemens Networks	Wink Inc
Ethereum	NolimitVPN	WithinSecurity
Etsy	Norada	WordPoints
EVE	NSN Nokia Solutions Networks	WP API
Eventbrite	Nvidia	Xen
Event Espresso	Observu	Xing
Evernote	Oculus	Xmarks
Expatistan	Offers.com	XMind
ExpressionEngine	OkCupid	Yahoo
Facebook	ok.ru	Yammer
Factlink	OLAcabs	Yandex
Factor.io	Olark	Yesware
FanFootage	Onavo	YouTube
FastMail	OnePageCRM	Zapier
FFmpeg	OpenBSD	Zendesk
Fiat Chrysler Automobles	Openclass Knowledge Base	Zetetic
Firebase	Openfolio	Ziggo
Fireeye	OpenText	Zimbra
Fitbit	Open Xchange	Zynga

theory

Want to be a real hacker? Sign Up!

Recommended | All | New

Bug bounties

Gotta Catch 'Em All

The 5 Best Books for Learning Kali Linux (2017)

The CIA Rule Book on Malware Creation

Limits Of Legality

Hide Data Behind Images